Sun Java System Access Manager 7.1 Developer's Guide

Policy Plug-In APIs

The Policy plug-in classes are contained in the com.sun.identity.policy.interfaces package. The following classes are used by service developers and policy administrators who need to provide additional policy features as well as support for legacy policies.


Provides methods to determine the hierarchy of the resource names for a determined service type. For example, these methods can check to see if two resources names are the same or if one is a sub-resource of the other.


Defines methods that can determine if an authenticated user (possessing an SSOToken) is a member of the given subject.


Defines methods used to delegate the policy definition or evaluation of a selected resource (and its sub-resources) to another realm or policy server.


Provides methods used to constrain a policy to , for example, time-of-day or IP address. This interface allows the pluggable implementation of the conditions.


Defines an interface for registering policy events when a policy is added, removed or changed. PolicyListener is used by the Policy Service to send notifications and by listeners to review policy change events.